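<?php
/*
	vpn_ipsec_edit.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/*
	Edit page for one IPsec tunnel entry of $config['ipsec']['tunnel'].
	On GET the existing entry (or a set of defaults) is loaded into $pconfig
	for the form below; on POST the submitted values are validated, the entry
	is written back with write_config() and the IPsec "config dirty" marker
	file is touched before redirecting to vpn_ipsec.php.
*/

require("guiconfig.inc");

if (!is_array($config['ipsec']['tunnel'])) {
	$config['ipsec']['tunnel'] = array();
}
$a_ipsec = &$config['ipsec']['tunnel'];

/* keywords accepted by is_specialnet() in place of an address/mask pair */
$specialsrcdst = explode(" ", "lan");

/* Index of the tunnel being edited; a POSTed id wins over the query string.
   $id is used directly as an index into $a_ipsec, so only a numeric value is
   accepted -- anything else is treated as "new tunnel". */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
if ($id !== null && !is_numeric($id))
	$id = null;

if (isset($id) && $a_ipsec[$id]) {
	/* load the stored entry into the form values */
	$pconfig['disabled'] = isset($a_ipsec[$id]['disabled']);
	$pconfig['auto'] = isset($a_ipsec[$id]['auto']);

	if (!isset($a_ipsec[$id]['local-subnet']))
		$pconfig['localnet'] = "lan";
	else
		address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);

	if ($a_ipsec[$id]['interface'])
		$pconfig['interface'] = $a_ipsec[$id]['interface'];
	else
		$pconfig['interface'] = "wan";

	/* remote-subnet is stored as "address/bits" */
	$remote = explode("/", $a_ipsec[$id]['remote-subnet']);
	$pconfig['remotenet'] = $remote[0];
	$pconfig['remotebits'] = isset($remote[1]) ? $remote[1] : null;
	$pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway'];
	$pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode'];

	/* the identifier type is encoded by which myident key is present */
	$myident = isset($a_ipsec[$id]['p1']['myident']) ? $a_ipsec[$id]['p1']['myident'] : array();
	if (isset($myident['myaddress'])) {
		$pconfig['p1myidentt'] = 'myaddress';
	} else if (isset($myident['address'])) {
		$pconfig['p1myidentt'] = 'address';
		$pconfig['p1myident'] = $myident['address'];
	} else if (isset($myident['fqdn'])) {
		$pconfig['p1myidentt'] = 'fqdn';
		$pconfig['p1myident'] = $myident['fqdn'];
	} else if (isset($myident['ufqdn'])) {
		$pconfig['p1myidentt'] = 'user_fqdn';
		$pconfig['p1myident'] = $myident['ufqdn'];
	} else if (isset($myident['dyn_dns'])) {
		$pconfig['p1myidentt'] = 'dyn_dns';
		$pconfig['p1myident'] = $myident['dyn_dns'];
	}

	$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
	$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
	$pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup'];
	$pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime'];
	$pconfig['p1authentication_method'] = $a_ipsec[$id]['p1']['authentication_method'];
	$pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key'];
	/* certificates and the private key are kept base64-encoded in the config;
	   base64 is an encoding, not protection, so the config file holds the key
	   material in recoverable form */
	$pconfig['p1cert'] = base64_decode($a_ipsec[$id]['p1']['cert']);
	$pconfig['p1peercert'] = base64_decode($a_ipsec[$id]['p1']['peercert']);
	$pconfig['p1privatekey'] = base64_decode($a_ipsec[$id]['p1']['private-key']);
	$pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol'];
	$pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option'];
	$pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option'];
	$pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup'];
	$pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime'];
	$pconfig['descr'] = $a_ipsec[$id]['descr'];
	$pconfig['pinghost'] = $a_ipsec[$id]['pinghost'];

} else {
	/* defaults for a new tunnel */
	$pconfig['interface'] = "wan";
	$pconfig['localnet'] = "lan";
	$pconfig['p1mode'] = "aggressive";
	$pconfig['p1myidentt'] = "myaddress";
	$pconfig['p1authentication_method'] = "pre_shared_key";
	$pconfig['p1ealgo'] = "3des";
	$pconfig['p1halgo'] = "sha1";
	$pconfig['p1dhgroup'] = "2";
	$pconfig['p2proto'] = "esp";
	$pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael,rijndael 256");
	$pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5");
	$pconfig['p2pfsgroup'] = "0";
	$pconfig['remotebits'] = 32;
}

if ($_POST) {
	/* a special network keyword (see $specialsrcdst) stands in for the
	   address/mask pair; a single host is stored as a /32 */
	if (is_specialnet($_POST['localnettype'])) {
		$_POST['localnet'] = $_POST['localnettype'];
		$_POST['localnetmask'] = 0;
	} else if ($_POST['localnettype'] == "single") {
		$_POST['localnetmask'] = 32;
	}

	unset($input_errors);
	/* NOTE(review): the submitted values are re-displayed by the form below
	   when validation fails, and several fields there are emitted without
	   htmlspecialchars(); escape them at the output site */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['p1authentication_method'] == "pre_shared_key") {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms");
	} else {
		$reqdfields = explode(" ", "localnet remotenet remotebits remotegw p2ealgos p2halgos");
		$reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,P2 Encryption Algorithms,P2 Hash Algorithms");
		/* only the PEM armour lines are checked here; the certificate and key
		   bodies are not parsed */
		if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
		/* the peer certificate is optional (the form allows a CA certificate instead) */
		if ($_POST['p1peercert'] != "" && (!strstr($_POST['p1peercert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1peercert'], "END CERTIFICATE")))
			$input_errors[] = "This peer certificate does not appear to be valid.";
	}

	/* do_input_validation() declares $input_errors by reference in its own
	   signature; call-time pass-by-reference ("&$input_errors" at the call
	   site, as this line used to have) is a fatal error on PHP 5.4 and later */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (!is_specialnet($_POST['localnettype'])) {
		if ($_POST['localnet'] && !is_ipaddr($_POST['localnet'])) {
			$input_errors[] = "A valid local network IP address must be specified.";
		}
		if ($_POST['localnetmask'] && !is_numeric($_POST['localnetmask'])) {
			$input_errors[] = "A valid local network bit count must be specified.";
		}
	}
	if ($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime'])) {
		$input_errors[] = "The P1 lifetime must be an integer.";
	}
	if ($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime'])) {
		$input_errors[] = "The P2 lifetime must be an integer.";
	}
	if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) {
		/* "0.0.0.0" is let through. The previous form, "!$x == '0.0.0.0'",
		   negated the value before comparing, so this error was never reported. */
		if ($_POST['remotebits'] != "0.0.0.0")
			$input_errors[] = "The remote network bits are invalid.";
	}
	/* 0.0.0.0 is accepted as the remote network even where is_ipaddr() rejects it */
	if ($_POST['remotenet'] && $_POST['remotenet'] != "0.0.0.0" && !is_ipaddr($_POST['remotenet'])) {
		$input_errors[] = "A valid remote network address must be specified.";
	}
	/* the remote gateway may be given as a host name instead of an address */
	if ($_POST['remotegw'] && !is_ipaddr($_POST['remotegw'])) {
		if (is_domain($_POST['remotegw']) == false)
			$input_errors[] = "A valid remote gateway address must be specified.";
	}

	/* "My identifier" must be of the form the selected identifier type requires */
	if ($_POST['p1myidentt'] == "address" && !is_ipaddr($_POST['p1myident'])) {
		$input_errors[] = "A valid IP address for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "fqdn" && !is_domain($_POST['p1myident'])) {
		$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "user_fqdn") {
		/* user@my.domain.com: the part after the '@' must be a domain */
		$ufqdn = explode("@", $_POST['p1myident']);
		if (!isset($ufqdn[1]) || is_domain($ufqdn[1]) == false)
			$input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
	}
	if ($_POST['p1myidentt'] == "dyn_dns") {
		/* validates the identifier value; the previous code passed the type
		   selector ($_POST['p1myidentt']) to is_domain() by mistake */
		if (is_domain($_POST['p1myident']) == false)
			$input_errors[] = "A valid Dynamic DNS address for 'My identifier' must be specified.";
	}

	/* every identifier type except "myaddress" needs a value */
	$identtypes_with_value = explode(" ", "fqdn dyn_dns address user_fqdn");
	if (in_array($_POST['p1myidentt'], $identtypes_with_value, true) && $_POST['p1myident'] == "")
		$input_errors[] = gettext("Please enter a domain name for 'My Identifier'");

	/* the identifier value is meaningless for "myaddress" */
	if ($_POST['p1myidentt'] == "myaddress")
		$_POST['p1myident'] = "";

	if (!$input_errors) {
		$ipsecent = array();
		/* stored only when set: the load path above tests this flag with
		   isset(), which is also true for a stored false */
		if ($_POST['disabled'])
			$ipsecent['disabled'] = true;
		/* 'auto' is read when loading but not written back (the assignment
		   was commented out), so it does not survive a save of the entry */
		$ipsecent['interface'] = $pconfig['interface'];
		pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']);
		$ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits'];
		$ipsecent['remote-gateway'] = $_POST['remotegw'];
		$ipsecent['p1']['mode'] = $_POST['p1mode'];

		/* the identifier type is recorded by which myident key is present */
		$ipsecent['p1']['myident'] = array();
		switch ($_POST['p1myidentt']) {
			case 'myaddress':
				$ipsecent['p1']['myident']['myaddress'] = true;
				break;
			case 'address':
				$ipsecent['p1']['myident']['address'] = $_POST['p1myident'];
				break;
			case 'fqdn':
				$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
				break;
			case 'user_fqdn':
				$ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
				break;
			case 'dyn_dns':
				$ipsecent['p1']['myident']['dyn_dns'] = $_POST['p1myident'];
				break;
		}

		$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
		$ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo'];
		$ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup'];
		$ipsecent['p1']['lifetime'] = $_POST['p1lifetime'];
		/* the pre-shared key is stored as submitted and the private key and
		   certificates merely base64-encoded: anyone able to read the config
		   file can recover all of them */
		$ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey'];
		$ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']);
		$ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']);
		$ipsecent['p1']['peercert'] = base64_encode($_POST['p1peercert']);
		$ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method'];
		$ipsecent['p2']['protocol'] = $_POST['p2proto'];
		$ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos'];
		$ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos'];
		$ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup'];
		$ipsecent['p2']['lifetime'] = $_POST['p2lifetime'];
		$ipsecent['descr'] = $_POST['descr'];
		$ipsecent['pinghost'] = $_POST['pinghost'];

		/* replace the edited entry, or append a new one */
		if (isset($id) && $a_ipsec[$id])
			$a_ipsec[$id] = $ipsecent;
		else
			$a_ipsec[] = $ipsecent;

		write_config();
		/* touch the IPsec "config dirty" marker so the change gets applied */
		touch($d_ipsecconfdirty_path);

		header("Location: vpn_ipsec.php");
		exit;
	}
}

$pgtitle = "VPN: IPsec: Edit tunnel";
include("head.inc");

?>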
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<script language="JavaScript">
<!--
/* Enable or disable the local subnet address and mask inputs of the iform
   form to match the selected "Type" option: index 0 is a single host,
   index 1 a network, anything else a special network (e.g. the LAN subnet).
   Inputs that are disabled are also cleared. */
function typesel_change() {
	var form = document.iform;
	var choice = form.localnettype.selectedIndex;
	var singleHost = (choice == 0);
	var network = (choice == 1);

	if (singleHost || network) {
		form.localnet.disabled = 0;
	} else {
		form.localnet.value = "";
		form.localnet.disabled = 1;
	}

	if (network) {
		form.localnetmask.disabled = 0;
	} else {
		form.localnetmask.value = "";
		form.localnetmask.disabled = 1;
	}
}
/* Toggle the phase 1 credential inputs of the iform form to match the
   selected authentication method: index 1 (RSA) enables the private key
   and certificate fields and disables the pre-shared key; any other index
   does the opposite. Wired to the select's onChange only. */
function methodsel_change() {
	var form = document.iform;
	var rsa = (form.p1authentication_method.selectedIndex == 1);

	form.p1pskey.disabled = rsa ? 1 : 0;
	form.p1privatekey.disabled = rsa ? 0 : 1;
	form.p1cert.disabled = rsa ? 0 : 1;
	form.p1peercert.disabled = rsa ? 0 : 1;
}
//-->
</script>
<?php if ($input_errors) print_input_errors($input_errors); ?>
            <form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Mode</td>
                  <td width="78%" class="vtable"> Tunnel</td>
                </tr>
				<tr>
                  <td width="22%" valign="top" class="vncellreq">Disabled</td>
                  <td width="78%" class="vtable">
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
                    <strong>Disable this tunnel</strong><br>
                    <span class="vexpl">Set this option to disable this tunnel without
					removing it from the list.</span></td>
                </tr>
		<tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable"><select name="interface" class="formfld">
                      <?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
					  }
					  foreach ($interfaces as $iface => $ifacename): ?>
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
                      <?=htmlspecialchars($ifacename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Select the interface for the local endpoint of this tunnel.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local subnet</td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
						<td></td>
                        <td><select name="localnettype" class="formfld" onChange="typesel_change()">
                            <?php $sel = is_specialnet($pconfig['localnet']); ?>
                            <option value="single" <?php if (($pconfig['localnetmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['localnet'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
						<td><?=$mandfldhtmlspc;?></td>
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
                          /
                          <select name="localnetmask" class="formfld" id="localnetmask">
                            <?php for ($i = 31; $i >= 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select> </td>
                      </tr>
                    </table></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote subnet</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotenet" type="text" class="formfld" id="remotenet" size="20" value="<?=$pconfig['remotenet'];?>">
                    /
                    <select name="remotebits" class="formfld" id="remotebits">
                      <?php for ($i = 32; $i >= 0; $i--): ?>
                      <option value="<?=$i;?>" <?php if ($i == $pconfig['remotebits']) echo "selected"; ?>>
                      <?=$i;?>
                      </option>
                      <?php endfor; ?>
                    </select></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote gateway</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
                    <br>
                    Enter the public IP address of the remote gateway</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 1 proposal
                    (Authentication)</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Negotiation mode</td>
                  <td width="78%" class="vtable">
					<select name="p1mode" class="formfld">
                      <?php $modes = explode(" ", "main aggressive"); foreach ($modes as $mode): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1mode']) echo "selected"; ?>>
                      <?=htmlspecialchars($mode);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Aggressive is faster, but
                    less secure.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">My identifier</td>
                  <td width="78%" class="vtable">
					<select name="p1myidentt" class="formfld">
                      <?php foreach ($my_identifier_list as $mode => $modename): ?>
                      <option value="<?=$mode;?>" <?php if ($mode == $pconfig['p1myidentt']) echo "selected"; ?>>
                      <?=htmlspecialchars($modename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input name="p1myident" type="text" class="formfld" id="p1myident" size="30" value="<?=$pconfig['p1myident'];?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithm</td>
                  <td width="78%" class="vtable">
					<select name="p1ealgo" class="formfld">
                      <?php foreach ($p1_ealgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1ealgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Hash algorithm</td>
                  <td width="78%" class="vtable">
					<select name="p1halgo" class="formfld">
                      <?php foreach ($p1_halgos as $algo => $algoname): ?>
                      <option value="<?=$algo;?>" <?php if ($algo == $pconfig['p1halgo']) echo "selected"; ?>>
                      <?=htmlspecialchars($algoname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">DH key group</td>
                  <td width="78%" class="vtable">
					<select name="p1dhgroup" class="formfld">
                      <?php $keygroups = explode(" ", "1 2 5"); foreach ($keygroups as $keygroup): ?>
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p1dhgroup']) echo "selected"; ?>>
                      <?=htmlspecialchars($keygroup);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
                    bit, 5 = 1536 bit</em><br>
                    Must match the setting chosen on the remote side. </span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
                  <td width="78%" class="vtable">
                    <input name="p1lifetime" type="text" class="formfld" id="p1lifetime" size="20" value="<?=$pconfig['p1lifetime'];?>">
                    seconds</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Authentication method</td>
                  <td width="78%" class="vtable">
					<select name="p1authentication_method" class="formfld" onChange="methodsel_change()">
                      <?php foreach ($p1_authentication_methods as $method => $methodname): ?>
                      <option value="<?=$method;?>" <?php if ($method == $pconfig['p1authentication_method']) echo "selected"; ?>>
                      <?=htmlspecialchars($methodname);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Must match the setting
                    chosen on the remote side.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Pre-Shared Key</td>
                  <td width="78%" class="vtable">
                    <?=$mandfldhtml;?><input name="p1pskey" type="text" class="formfld" id="p1pskey" size="40" value="<?=htmlspecialchars($pconfig['p1pskey']);?>">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1cert" cols="65" rows="7" id="p1cert" class="formpre"><?=htmlspecialchars($pconfig['p1cert']);?></textarea>
                    <br>
                    Paste a certificate in X.509 PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Key</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1privatekey" cols="65" rows="7" id="p1privatekey" class="formpre"><?=htmlspecialchars($pconfig['p1privatekey']);?></textarea>
                    <br>
                    Paste an RSA private key in PEM format here.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Peer certificate</td>
                  <td width="78%" class="vtable">
                    <textarea name="p1peercert" cols="65" rows="7" id="p1peercert" class="formpre"><?=htmlspecialchars($pconfig['p1peercert']);?></textarea>
                    <br>
                    Paste the peer X.509 certificate in PEM format here.<br>
                    Leave this blank if you want to use a CA certificate for identity validation.</td>
                </tr>
                <tr>
                  <td colspan="2" class="list" height="12"></td>
                </tr>
                <tr>
                  <td colspan="2" valign="top" class="listtopic">Phase 2 proposal
                    (SA/Key Exchange)</td>
                </tr>
                <tr>
515 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
516
                  <td width="78%" class="vtable">
517 e2411886 Scott Ullrich
					<select name="p2proto" class="formfld">
518 5b237745 Scott Ullrich
                      <?php foreach ($p2_protos as $proto => $protoname): ?>
519 6b11069e Scott Ullrich
                      <option value="<?=$proto;?>" <?php if ($proto == $pconfig['p2proto']) echo "selected"; ?>>
520 5b237745 Scott Ullrich
                      <?=htmlspecialchars($protoname);?>
521
                      </option>
522
                      <?php endforeach; ?>
523 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl">ESP is encryption, AH is
524 5b237745 Scott Ullrich
                    authentication only </span></td>
525
                </tr>
526 6b11069e Scott Ullrich
                <tr>
527 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Encryption algorithms</td>
528 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
529 5b237745 Scott Ullrich
                    <?php foreach ($p2_ealgos as $algo => $algoname): ?>
530 6b11069e Scott Ullrich
                    <input type="checkbox" name="p2ealgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2ealgos'])) echo "checked"; ?>>
531 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
532 6b11069e Scott Ullrich
                    <br>
533 5b237745 Scott Ullrich
                    <?php endforeach; ?>
534
                    <br>
535 6b11069e Scott Ullrich
                    Hint: use 3DES for best compatibility or if you have a hardware
536
                    crypto accelerator card. Blowfish is usually the fastest in
537 5b237745 Scott Ullrich
                    software encryption. </td>
538
                </tr>
539 6b11069e Scott Ullrich
                <tr>
540 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Hash algorithms</td>
541 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
542 5b237745 Scott Ullrich
                    <?php foreach ($p2_halgos as $algo => $algoname): ?>
543 6b11069e Scott Ullrich
                    <input type="checkbox" name="p2halgos[]" value="<?=$algo;?>" <?php if (in_array($algo, $pconfig['p2halgos'])) echo "checked"; ?>>
544 5b237745 Scott Ullrich
                    <?=htmlspecialchars($algoname);?>
545 6b11069e Scott Ullrich
                    <br>
546 5b237745 Scott Ullrich
                    <?php endforeach; ?>
547
				  </td>
548
                </tr>
549 6b11069e Scott Ullrich
                <tr>
550 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">PFS key group</td>
551
                  <td width="78%" class="vtable">
552 e2411886 Scott Ullrich
					<select name="p2pfsgroup" class="formfld">
553 5b237745 Scott Ullrich
                      <?php foreach ($p2_pfskeygroups as $keygroup => $keygroupname): ?>
554 6b11069e Scott Ullrich
                      <option value="<?=$keygroup;?>" <?php if ($keygroup == $pconfig['p2pfsgroup']) echo "selected"; ?>>
555 5b237745 Scott Ullrich
                      <?=htmlspecialchars($keygroupname);?>
556
                      </option>
557
                      <?php endforeach; ?>
558 6b11069e Scott Ullrich
                    </select> <br> <span class="vexpl"><em>1 = 768 bit, 2 = 1024
559 5b237745 Scott Ullrich
                    bit, 5 = 1536 bit</em></span></td>
560
                </tr>
561 6b11069e Scott Ullrich
                <tr>
562 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Lifetime</td>
563 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
564 5b237745 Scott Ullrich
                    <input name="p2lifetime" type="text" class="formfld" id="p2lifetime" size="20" value="<?=$pconfig['p2lifetime'];?>">
565
                    seconds</td>
566
                </tr>
567 6b11069e Scott Ullrich
                <tr>
568 c1f5a46b Scott Ullrich
                  <td colspan="2" class="list" height="12"></td>
569
                </tr>
570 6b11069e Scott Ullrich
                <tr>
571 c1f5a46b Scott Ullrich
                  <td colspan="2" valign="top" class="listtopic">Keep alive</td>
572
                </tr>
573 6b11069e Scott Ullrich
                <tr>
574 c1f5a46b Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Automatically ping host</td>
575 6b11069e Scott Ullrich
                  <td width="78%" class="vtable">
576 c1f5a46b Scott Ullrich
                    <input name="pinghost" type="text" class="formfld" id="pinghost" size="20" value="<?=$pconfig['pinghost'];?>"></td>
577 6b11069e Scott Ullrich
                </tr>
578
                <tr>
579 5b237745 Scott Ullrich
                  <td width="22%" valign="top">&nbsp;</td>
580 6b11069e Scott Ullrich
                  <td width="78%">
581
                    <input name="Submit" type="submit" class="formbtn" value="Save">
582 5b237745 Scott Ullrich
                    <?php if (isset($id) && $a_ipsec[$id]): ?>
583 6b11069e Scott Ullrich
                    <input name="id" type="hidden" value="<?=$id;?>">
584 5b237745 Scott Ullrich
                    <?php endif; ?>
585
                  </td>
586
                </tr>
587
              </table>
588
</form>
589
<script language="JavaScript">
590
<!--
591
typesel_change();
592 e2411886 Scott Ullrich
methodsel_change();
593 5b237745 Scott Ullrich
//-->
594
</script>
595
<?php include("fend.inc"); ?>
<?php
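function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
        /* Convert a stored tunnel endpoint ($adr) into the two form fields
           used by the edit page.  Exactly one key is consulted, in this order:
             'network' - a named network; copied into $padr, $pmask untouched.
             'address' - "host[/prefix]"; the host goes to $padr and the prefix
                         to $pmask, defaulting to 32 when no "/" is present.
           A missing or empty key leaves $padr/$pmask unchanged, so callers
           must initialise them before the call. */
        if (!empty($adr['network'])) {
                $padr = $adr['network'];
        } else if (!empty($adr['address'])) {
                /* A bare "host" explodes to a single element; take the default
                   mask instead of reading the missing second offset. */
                $parts = explode("/", $adr['address']);
                $padr = $parts[0];
                $pmask = isset($parts[1]) ? $parts[1] : 32;
        }
}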
?>